[OpenWrt-Devel] [RFC 26/27] kernel: netfilter: Adapt merge ipv4/ipv6 masquerade code

Yousong Zhou yszhou4tech at gmail.com
Wed Nov 28 00:53:00 EST 2018


On Wed, 28 Nov 2018 at 07:21, Hauke Mehrtens <hauke at hauke-m.de> wrote:
>
> In kernel commit 0168e8b361 ("netfilter: nat: merge ipv4/ipv6 masquerade
> code into main nat module") the CONFIG_NF_NAT_MASQUERADE_IPV4 and
> CONFIG_NF_NAT_MASQUERADE_IPV6 kernel configuration option were changed
> to bool and the code will not be compiled as a own module any more, but
> it will be integrated into nf_nat_ipv4.ko or nf_nat_ipv6.ko to save some
> memory.
>
> Activate these options as bool in the generic kernel 4.19 configuration
> only, to always build them into the nf_nat_ipv*.ko modules. The kmod
> file will still try to select them as module, but the generic
> configuration will not be overwritten.
>
> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
> ---
>  include/netfilter.mk             | 4 ++--
>  target/linux/generic/config-4.19 | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/include/netfilter.mk b/include/netfilter.mk
> index 2d232b5f5c..4b9cc20622 100644
> --- a/include/netfilter.mk
> +++ b/include/netfilter.mk
> @@ -187,10 +187,10 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
>  $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),))
>  $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT, $(P_XT)nf_nat_redirect, ge 3.19.0),))
>  $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4),))
> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4),))
> +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4, lt 4.18),))
>
>  $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6),))
> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6),))
> +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6, lt 4.18),))
>
>  $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT, $(P_XT)xt_nat),))
>  $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, $(P_V4)iptable_nat),))
> diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19
> index c197f58464..5dec53c0f3 100644
> --- a/target/linux/generic/config-4.19
> +++ b/target/linux/generic/config-4.19
> @@ -3352,8 +3352,8 @@ CONFIG_NF_CONNTRACK_PROCFS=y
>  # CONFIG_NF_NAT_H323 is not set
>  # CONFIG_NF_NAT_IPV6 is not set
>  # CONFIG_NF_NAT_IRC is not set
> -# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set
> -# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set
> +CONFIG_NF_NAT_MASQUERADE_IPV4=y
> +CONFIG_NF_NAT_MASQUERADE_IPV6=y

The ipv6 config option should be placed into config/Config-kernel.in,
so that it can depend on the state of CONFIG_KERNEL_IPV6 option.

Regards,
                yousong

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list